Josh Bressers4d ago

This episode of #OpenSourceSecurity I chat with Aaron Lippold from MITRE about #STIG automation (it's one big open source project)

STIG has historically been incredibly difficult and a bit of a niche space. Thanks to #FedRAMP it's getting more attention than ever before, and the work Aaron has been doing makes it a lot easier

https://opensourcesecurity.io/2025/2025-06-stig-automation-aaron-lippold/

STIG automation with Aaron Lippold

I chat with Aaron Lippold, creator of MITRE’s Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We explore the technical details of open-source tools like InSpec, Heimdall, and Vulcan that automate validation, normalize diverse security data, and streamline the entire security authoring process. Episode Links Aaron MITRE SAF This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player.

Open Source Security
CrowdSecJun 4

Build a homelab that’s responsive and secure — with open source tools like @CrowdSec 🛡️😉

Check out this great talk by community member Jonny5, recorded at @_bsideskc last month 🎤
📺 https://youtube.com/watch?v=TZFNesWJbTc

#OpenSourceSecurity #CyberSecurity #InfoSec #BSidesKC2025 #Homelab #Community

Responsive Home Lab - Jonny5

YouTube
CrowdSecJun 3

Set up CrowdSec IPDEX on OPNsense to enhance threat detection, response, and intelligence gathering.

Follow this guide by CrowdSec Ambassador Flaviu to start running CrowdSec IPDEX, a simple CLI tool that gathers insights on IP addresses, on @opnsense, the open source FreeBSD-based firewall.

Get started 👉 https://vlaicu.io/posts/crowdsec-ipdex/

#opensource #opensourcesecurity #threatintelligence #firewall #cybersecurity

Crowdsec IPDEX on OPNsense

IPDEX a simple CLI tool to gather insight about a list of IPs or an IP using the CrowdSec CTI

Flaviu Vlaicu
Josh BressersJun 2

This week #OpenSourceSecurity chats with @andrewnez about @ecosystems

Ecosyste.ms is a massive collection of data about open source projects

It's an amazingly useful collection of data. If you're doing anything that needs information about open source packages, or git repos, or even the folks who work on this stuff, you should check it out

https://opensourcesecurity.io/2025/2025-06-ecosystems_andrew_nesbitt/

Ecosyste.ms with Andrew Nesbitt

I recently chatted with Andrew Nesbitt about his project, Ecosyste.ms. Ecosyste.ms catalogs open source projects by tracking packages, dependencies, repositories, and more. With this dataset Andrew is able to incredible insights into the world of open source. We chat all about how Ecosyste.ms works and how he manages to wrangle all this data. Episode Links Andrew Ecosyste.ms Open Collective OpenSSF Issue 101 This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player.

Open Source Security
OpenSSFMay 30

🔒 Member Spotlight: Trail of Bits
From PEP 740 to OpenSSF Scorecard dashboards, they’re shaping the future of #OpenSourceSecurity with standards, prototypes, & policy leadership.

Read more 👇
🔗https://openssf.org/blog/2025/05/30/member-spotlight-trail-of-bits-driving-open-source-security-through-standards-prototypes-and-policy/

anchoreMay 27
70% of software uses open source, but only 15% of organizations are confident in their risk management. Attend our launch webinar to see how Anchore SBOM can help! We'll demo SBOM management, vulnerability prioritization, and more. Register here: https://go.anchore.com/introducing-anchore-sbom.html #OpenSourceSecurity #Webinar #Anchore
Show threadCrowdSecMay 19

As the image shows, we see that inside the results, many actors are classified as benign, which confirms that although the exploit is dangerous, the actual campaign is not. This level of enrichment provided by CrowdSec CTI helps security teams prioritize alerts, and IPDEX supports this workflow, allowing analysts to filter out harmless campaigns such as the one by the Shadowserver Foundation. You can also add a filter within IPDEX to remove those benign actors and filter on the date of last activity.

You can get started with IPDEX by heading over to the CrowdSec GitHub 👉 https://github.com/crowdsecurity/ipdex

🧵[2/2]

#CrowdSec #CyberSecurity #CTI #Fortinet #CVE202455591 #Infosec #ThreatIntel #OpenSourceSecurity

GitHub - crowdsecurity/ipdex

Contribute to crowdsecurity/ipdex development by creating an account on GitHub.

GitHub
CrowdSecMay 19

🚨Spike in Fortinet CVE-2024-55591 vulnerability rapidly increased in the past week 👇

The #CrowdSec Network has detected a wave of exploitation attempts targeting CVE-2024-55591, a Fortinet vulnerability that affects FortiWAN versions before 5.3.2. First seen on April 23rd, the CrowdSec Network still sees elevated levels of probing and exploitation.

ℹ️ About the exploit:
This flaw allows remote attackers to perform unauthenticated command injection on exposed FortiWAN instances. This vulnerability affects FortiWAN versions prior to 5.3.2. It enables attackers to execute arbitrary commands via crafted HTTP requests — no authentication required.

🔎 Trend analysis:
🔹 April 23rd: The CrowdSec Network detects a shift in the long-term trend of CVE-2024-55591 exploits.
🔹 April 23rd - April 28th: Activity increases rapidly from 30 to about 80 malicious IPs reported daily, producing over 400 distinct attack events.
🔹 April 29 - May 2nd: The attackers take a break. This provides a key point of insight into the nature of this attack campaign.
🔹 May 3rd - May 19th: The attack picks back up with increased intensity. It now originates from around 200 unique IP addresses per day and produces about 900 attack events per day.
🔹 May 19th: The CrowdSec Network still sees elevated levels of probing and exploitation attempts.

✅ How to protect your systems:
🔹 You can use CrowdSec’s open CTI search bar and blocklists to stay ahead of the curve. https://app.crowdsec.net/cti?q=cves%3A%22CVE-2024-55591%22&page=1
🔹 Alternatively, you can use CrowdSec’s newest tool, IPDEX, to build instant reports for this particular CVE and explore the data CrowdSec has aggregated. https://www.crowdsec.net/blog/introducing-crowdsec-ipdex

For more information, visit 👉 http://crowdsec.net 🧵[1/2]

#CyberSecurity #CrowdSec #CTI #Fortinet #CVE202455591 #Infosec #ThreatIntel #OpenSourceSecurity

Finite StateMay 16

🔓 Open source is the backbone of modern IoT — but it’s also one of the biggest hidden risk factors.

In our latest blog, we cover best practices to managing open-source dependencies & the common challenges to overcome.

https://finitestate.io/blog/open-source-dependency-management-iot

#IoTSecurity #OpenSourceSecurity

Best Practices for Managing Open-Source Dependencies in IoT Software

Learn why open-source dependency management is critical for IoT security, compliance, and resilience—plus best practices and tools to get it right.

OpenSSFMay 14

📢 CFP is open for #OpenSSFCommunity Day Korea — Nov 4 in Seoul, colocated with the Linux Foundation's Open Source Summit Korea!

🗓 Submit by Aug 3 (23:59 KST | 06:59 PST)
🔗 https://events.linuxfoundation.org/openssf-community-day-korea/program/cfp/

#OpenSSF #OSSummit #OpenSourceSecurity

Call For Proposals (CFP) | LF Events

OpenSSF Community Days are an opportunity for Community Members from across the Security and Open Source ecosystem to get together and share ideas and progress on capabilities that make it easier to…

LF Events